For iDevice owners, the barriers to taking advantage of the flaw aren't so high. According to Borodin, users need only install two special security certificates and make purchases over Wi-Fi with modified DNS settings. Borodin told The Next Web last week that, at that time, more than 30,000 in-app "purchases" had been made through his service.

Despite those best efforts, the exploit is still in the wild, according to The Next Web. Borodin told The Next Web that he has moved to a new server that's hosted in an "offshore country," and not in Russia, where his previous server was. In addition, he has improved the exploit so it no longer relies upon the App Store for authorization processes, making it more difficult for Apple to stop him.

The potential impact on Apple and its developers is quite real. In-app purchasing is becoming an increasingly important revenue generator for developers, and a source of extra cash for Apple: the iPhone maker takes 30 percent of all revenue generated from in-app purchases.

CNET has contacted Apple for comment on Borodin's claims. We will update this story when we have more information.

About the author

Don Reisinger is a technology columnist who has covered everything from HDTVs to computers to Flowbee Haircut Systems. Besides his work with CNET, Don's work has been featured in a variety of other publications including PC World and a host of Ziff-Davis publications.